The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have issued an advisory on BlackMatter ransomware cyber intrusions. These intrusions have affected U.S. critical infrastructure entities: two U.S. food and agriculture sector organizations. The advisory provides technical details about the ransomware, an analysis of it, and guidance on how it can be mitigated.
Cyber actors used BlackMatter along with embedded, leaked credentials, which allowed them to get into the network and remotely encrypt hosts and shared drives. The actors also deleted backup data and wiped appliances connected to the network by reformatting the data.
BlackMatter is a ransomware-as-a-service (RaaS) tool, so its developers profit from the cybercriminal affiliates who deploy it. “This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA, FBI and NSA are taking every step possible to try to make it harder for cybercriminals to operate. Americans can help us in this long-term endeavor by visiting Stopransomware.gov to learn how to reduce their risk of becoming a victim of ransomware.”
“The FBI, along with CISA and NSA, is dedicated to preventing, disrupting, and combating the evolving ransomware threat,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. “Unfortunately, too many ransomware incidents go unreported, and because silence benefits the cybercriminals the most, we ask targeted entities to contact their local FBI Field Office and speak to a cyber agent. By reporting a cyber incident, targeted entities are enhancing our ability to respond and investigate with the goal of disrupting cybercriminal operations. We will continue to leverage our unique authorities and capabilities to protect the American people from this threat; however, we cannot accomplish this alone. We remain committed to providing the public and our private sector partners with information that will bolster their ability to decrease vulnerabilities and increase awareness of potential exploits.”
“The threat of ransomware goes beyond specific impacts to a victim company – it has risen to a national security issue,” said Rob Joyce, Director of Cybersecurity at NSA. “NSA’s technical skills and threat intelligence will continue to support our partners across government and industry to degrade adversary footholds into networks where they launch ransomware. Employing the mitigations in the joint advisory with CISA and FBI will protect networks and mitigate the risk against BlackMatter and other ransomware attacks.”
The advisory documents an analysis of a BlackMatter ransomware sample, along with information from trusted third parties.